Carders.cc, a German online forum dedicated to helping criminals trade and sell financial data stolen through hacking, has itself been hacked. The once-guarded contents of its servers are now being traded on public file-sharing networks, leading to the exposure of potentially identifying information on the forum’s users as well as countless passwords and credit card accounts swiped from unsuspecting victims.

The breach involves at least three separate files being traded on Rapidshare.com: The largest is a database file containing what appear to be all of the communications among nearly 5,000 Carders.cc forum members, including the contents of private, one-to-one messages that subscribers to these forums typically use to negotiate the sale of stolen goods. Another file includes the user names, e-mail addresses and in many cases the passwords of Carders.cc forum

The UAE can lead international efforts to promote global cyber security and cyber peace and to avoid the use of cyberspace for conflict, said a former senior White House adviser on Tuesday. "The UAE can play a leading role in creating an international system for cyber peace. You can do that not just by computers. But you can do that by strategists and diplomats. And there is a great role for the UAE to play in helping the world step back from cyber war to create an international system for cyber peace," said Richard Clarke, who served as a counterterrorism adviser to Presidents Bill Clinton and George W. Bush.

Warning that cyber war is the next threat to UAE national security, Clarke argued that physical defences akin to borders, such as firewalls, will remain essential, but that given the high levels of cross-border connectivity in the cyber world, new approaches to cyber security must include the international diplomatic dimension.

Phishing may not be the most sophisticated form of cyber crime, but it can be a lucrative trade for those who decide to make it their day jobs. Indeed, data secretly collected from an international phishing operation over 18 months suggests that criminals who pursue a career in phishing can reap millions of dollars a year, even if they only manage to snag just a few victims per scam.

Phishers often set up their fraudulent sites using ready-made “phish kits” — collections of HTML, text and images that mimic the content found at major banks and e-commerce sites. Typically, phishers stitch the kits into the fabric of hacked, legitimate sites, which they then outfit with a “backdoor” that allows them to get back into the site at any time.

Thousands of people have paid tribute on Facebook to an Australian teenager allegedly lured to her death by a man she met on the social networking site. The body of Nona Belomesoff was found two days after she went on a trip with the man, who told her they were going to rescue injured animals, police say. A 20-year-old man has been charged with Ms Belomesoff's murder at a creek south of Sydney.

Detectives say the case reinforces the need for vigilance when using Facebook. Ms Belomesoff, 18, is believed to have befriended Christopher James Dannevig, who police say set up a fake Facebook profile in which he claimed to work for an animal welfare group.

Researchers at Imperva have discovered an 'experimental' botnet that uses around 300 hijacked web servers to launch high-bandwidth DDoS attacks. The servers are all believed to be open to an unspecified security vulnerability that allows the attacker, who calls him or herself 'Exeman', to infect them with a tiny, 40-line PHP script. This includes a simple GUI from which the attacker can return at a later date to enter in the IP, port and duration numbers for the attack that is to be launched. But why servers in the first place? Botnets are built from PCs and rarely involve servers.

According to Imperva's CTO, Amichai Shulman, servers have no antivirus software and offer high upload bandwidth, typically 10-50 times that of a consumer PC.

For all the Twitterers who were fretting about where their followers went earlier today, fear not. They're back. Twitter engineers have corrected a bug that was messing with users' followers on Monday. To fix the problem, Twitter engineers had to reset users' followers/following numbers to zero for a while around midday, according to Twitter's Status update.

"What we really see with social networking is that for any given tool, whether it's Twitter, Facebook or any other site, there is a hard core of very active users who care a lot about any problems, changes, or interruptions. These people are very vocal and opinionated -- passionate, in other words."

With the 2010 FIFA World Cup less than two months away, cybercriminals (as expected) are banking on this prestigious international football event to trick users. TrendLabs spotted the latest threat involving this, and it came in the form of an email message currently being spammed in the wild.

The spam carried a .PDF file attachment which was found to contain details about the lottery the recipient allegedly won. It also instructed the recipient to give out personal information and send it to the contact person or email sender before the prize could be claimed. What was interesting was that the purported sender of the email—one Mrs. Michelle Matins, Executive Vice President—was also the signatory for the 419 scam, aka the Nigeria scam.

Cybersecurity needs a global rethink, and fast, Dell's CEO Michael Dell and Services CIO, Jim Stikeleather, have warned experts at the EastWest Institute Worldwide Cybersecurity Summit in the US. In separate presentations and briefings, the men developed the theme of piecemeal reactions to the rapid rise of cyber-criminality, which included economic crime and direct threats to critical infrastructure.

Governments haven't done enough and have fallen into the trap of seeing matters in a narrow, national way. Meanwhile, the security industry has been content to sell products without asking whether security was properly embedded into the way products are developed. "Governments and private industry need to work collaboratively to develop the appropriate international framework to secure cyberspace. We should all do this in a way that keeps our global information central nervous system intact and secure," said Michael Dell.

As much heat as Facebook has taken recently for its privacy policies and the freedom with which it shares data across the Web and around the world, Facebook is still not the biggest threat to online privacy--you are. A study by Consumer Reports illustrates that users are really their own worst enemy when it comes to online privacy.

Here are some of the key findings of the Consumer Reports survey:
• A projected 1.7 million online households had experienced online identity theft in the past year.
• An estimated 5.4 million online consumers submitted personal information to e-mail (phishing) scammers during the past two years.
• Among adult social network users, 38 percent had posted their full birth date, including year. Forty-five percent of those with children had posted their children's photos. And 8% had posted their own street address.
• An estimated 5.1 million online households had experienced some type of abuse on a social network in the past year, including malware infections, scams, and harassment.

Cybersecurity experts from around the world meeting on ways to protect the Internet say they still have fears of "nightmare" scenarios in which attacks could cripple critical computer networks. "I live in a world of nightmares," Patrick Pailloux, director general of France's Network and Information Security Agency, told participants in the first Worldwide Cybersecurity Summit which ended on Wednesday. "Each subject is a nightmare: electricity, power grids, transportation, airplanes, water supply, finance, the banking system, the health system," Pailloux said.

Pailloux was among the 400 participants from 40 nations who attended the meeting hosted by the EastWest Institute think tank to come up with ways to protect the world's digital infrastructure from cyber threats. The cybersecurity experts, government officials and business leaders agreed that only global cooperation could protect computer networks under constant attack from ever mutating viruses, worms, spam and a host of other dangers.

Websites operated by the US Treasury Department are redirecting visitors to websites that attempt to install malware on their PCs, a security researcher warned on Monday. The infection buries an invisible iframe in bep.treas.gov, moneyfactory.gov, and bep.gov that invokes malicious scripts from grepad.com, Roger Thompson, chief research officer of AVG Technologies, told The Register. The code was discovered late Sunday night and was active at time of writing, about 12 hours later.

To cover their tracks, the miscreants behind the compromise tailored it so it attacks only IP addresses that haven't already visited the Treasury websites. That makes it harder for white-hat hackers and law enforcement agents to track the exploit. Indeed, Thompson initially reported that the problem had been fixed until he discovered the sites were merely skipping over laboratory PCs that had already encountered the attack.

A new international research report commissioned by ACCAN reports on 16 high-speed broadband applications that can provide enormous benefits to people with disabilities. The report was conducted between November 2009 and January 2010 and discusses the uses of broadband applications in Europe, the United States and Japan. The study is also timely with regard to the work being undertaken to establish the National Disability Strategy. Preliminary findings from the study have resulted in input being provided to the Department of Broadband, Communications and the Digital Economy for its involvement in the Inter-Departmental Committee on the National Disability Strategy.

Cisco Systems has embarked on a "take back and recycle" program, to ensure that consumers in Africa do not use phased-out equipment. The program takes used Cisco gear as well as phased-out products that may still be sitting on resellers' shelves. Cisco has already indicated that it is phasing out the Linksys brand, which is common in Africa. "The Computer For Schools Kenya (CFSK) plant can handle large quantities of e-waste in a day; has employed young people and it's important for equipment manufacturers and vendors in the region to work with communities,"

While the Cisco program may save customers the cost of managing and storing excess, outdated, or used ICT equipment, most such equipment on the continent is dumped or sold at low cost -- in some cases the equipment works, making cost-conscious customers consider buying obsolete equipment.

A new research report on online government from the Pew Research Center’s Internet & American Life Project shows that citizens are searching for information in unprecedented numbers. When they visit sites, they're increasingly making transactions and participating in discussion around policies. Forty-one percent have gone online to get forms, including tax forms, health forms or student aid forms, and 35 percent have researched government documents or statistics. Roughly one-third of all Internet users reported renewing driver's licenses and auto registrations online. In general, the use of government websites for information and transactions is nearly ubiquitous among Internet users, with 82 percent of online adults surveyed reporting one of the two activities.

European ministers are considering establishing a new agency that would tie together law enforcement agencies and other entities dedicated to fighting cybercrime. The ministers released a set of goals they'd like to achieve over time. One of those is to gain more ratifications of the Council of Europe's Cybercrime Convention, the only international treaty covering computer crime. The treaty requires countries to adopt cybercrime laws, have contacts available 24 hours a day for fast-breaking investigations and other measures. Another medium-term goal focuses on revocation of domain names and IP (Internet protocol) addresses. The document doesn't spell out exactly the ministers' objectives there, as it is already standard procedure for many ISPs to shut down Web sites linked with bad behavior. The new agency would also be tasked with forging stronger bonds between various law enforcement and other organizations that deal with cybercrime, including Europol, Eurojust, Interpol and others.

Many of us take the Internet for granted, but what about locations that are too remote or economically impoverished to enjoy the hi-tech benefits of the developed world? The Shadow Chancellor in the UK, George Osborne, illustrated in a recent speech that people in the developing world - even in the poorest of circumstances - do care about having access to technology.

In a visit to a remote village in Rwanda in 2007 he and 40 other Conservative Party volunteers were working on transforming a once derelict orphanage into a school. When it was announced that they were going to fix up the buildings and improve the water supply there were cheers from the villagers, but the loudest shouts were received when it was announced that the school was to be equipped with a computer. Osborne was at first surprised by the reaction - access to a computer is not a fundamental of life. But even villagers in the remotest part of Rwanda knew about computers and the Internet and didn't want their children to be excluded - as they had been - from something that could help lift them out of poverty.

The German government is planning to establish a botnet cleanup helpline for computer users affected by malware infection. ISPs are teaming up with the German Federal Office for Information Security (BSI) to set up an operation geared towards cleansing consumer systems from botnet infestation. ISPs will track down infected machines, before directing users towards a website offering advice and an associated call centre, staffed by around 40.

The project, due to start in 2010, was announced on Tuesday at the German IT summit in Stuttgart. Malware in general, and botnets in particular, are a Windows ecosystem problem. Some bloggers have taken exception to the German plan, and have described it as a state-funded subsidy to Microsoft, arguing that the money would be better spent offering advice on how to switch to less virus-infected systems.

Attorney General of the Federation (AGF), Mohammed Bello Adoke, has called for the establishment of computer forensic laboratories across the country either on zonal or state basis. The AGF said that the yet to be established laboratories would be federally funded and managed by a government agency that would be designed to work closely with the military, police, paramilitary, state security service and all state and local law enforcement agencies.

The director, Digital Evidence and Cyber Forensic Institute, Arinze Emeka said the study on forensic analyses has become more important because of the present state of global technology. "You cannot do anything today without the use of the communication network. Before now, we have been used to the analog way of doing things. Virtually all functions of government in whatever manner they operate through the cyber space," he said.

Blippy, a social networking site that allows users to share their purchases and discuss shopping with others, will revamp its security plans and hire a Chief Security Officer after an embarrassing incident in which the site accidentally published a few of its members' credit card numbers on Google.

Blippy Co-founder and CEO Ashvin Kumar said in a blog post this week that the slip-up occurred as a result of a technical oversight back in February that caused raw transaction data to appear within the HTML code on some Blippy pages for about half a day. Kumar said Blippy executives have hammered out a security plan that aims to prevent further security missteps. It includes hiring a Chief Security Officer and associated staff that will focus solely on issues relating to information security. Blippy will also undergo regular 3rd-party infrastructure and application security audits and create a security and privacy center, in addition to other measures included in the plan.

Four U.S. senators want Facebook to make it easier for its more than 400 million users to protect their privacy as the website develops new outlets to share personal information. It marks the second time in the past three days that Schumer has expressed his misgivings about a series of changes that Facebook announced last week. The new features are designed to unlock more of the data that the online hangout has accumulated about people during its six-year history.

Schumer sent a letter Sunday to the Federal Trade Commission calling for regulators to draw up clearer privacy guidelines for Facebook and other Internet social networks to follow. The political pressure threatens to deter Facebook's efforts to put its stamp on more websites, a goal that could yield more moneymaking opportunities for the privately held company. Facebook's expansion "raises new concerns for users who want to maintain control over their information," the senators wrote in their preliminary draft.

This paper presents the findings from the 2nd Global Annual Symposium on DNS Security, Stability and Resiliency, conducted 1-3 February 2010 at Kyoto University in Kyoto, Japan. Program committee members chose to focus this year's conference on the theme of measuring the health of the DNS. As the entire Internet relies daily on the DNS, understanding its health – both at a given instant and as it changes over time – is critical for being able to reasonably predict the DNS's health outlook and to decide whether to take corrective measures.

The Symposium endeavored to analyze the state of understanding DNS health, the key vital signs for the DNS and how the community might approach improving measurement and assessment of DNS health.

"A hacker who calls himself Kirllos has obtained and is now offering to sell 1.5 million Facebook IDs at astonishingly low prices — $25 per 1,000 IDs for users with fewer than 10 friends and $45 per 1,000 IDs for users with more than 10 friends. Looking at the numbers, Kirllos has stolen the IDs of one out of every 300 Facebook users. Quoting: 'VeriSign director of cyber intelligence Rick Howard told the New York Times that it appeared close to 700,000 had already been sold. Kirllos would have earned at least $25,000 from the scam. Howard told the newspaper that it was not apparent whether the accounts and passwords were legitimate, but a Russian underground hacking magazine reported it had tested some of Kirllos' previous samples and managed to get into people's accounts.'"

History was made the other evening when the UK's three wannabe prime ministers took centre stage for a TV debate. This was the culmination of weeks of rehearsals, practice runs and body language training. But what if I then tell you that every mobile phone call made by one of the campaign teams preparing for this TV event was secretly recorded and analysed, enabling their rival to understand everything from the campaign strategy through to the likely rebuttal to a particular question? Illegal? Of course. Farfetched? No longer. The past few months have seen the mobile phone industry thrown into turmoil as the computer hacking community has carried out successful attacks against mobile phone call security. I wrote an article about such a hack a while back, but at that point it remained a theory rather than a practical way to listen in to mobile phone calls.

Facebook brings families closer together. But as with any medium, Facebook is sometimes abused, occasionally to damaging effect. The Facebook Privacy Settings options let you control who has access to your personal information. The page includes a Block List that prevents contact with the people and e-mail addresses you specify without their knowledge.

The Safety for Parents section of the Safety Center describes what to do if your child views inappropriate content on a Facebook page, how to help a child report abusive conduct, and how to delete an account of a child under the age of 13. Much of the information in this section parrots the entries on the Safety for Teens page, but it does include links to in-depth articles by Common Sense Media on security for teens online.

Attackers have begun exploiting a design flaw in Adobe's PDF format to spread the Zeus botnet, only days after the publication of a proof-of-concept exploit for the flaw, according to security researchers.

On Wednesday, researchers at M86 Security said they had discovered emails claiming to originate from Royal Mail with PDF attachments exploiting the flaw. The attachment attempts to run an executable file that installs the Zeus Trojan on a user's system. Zeus attempts to steal banking information by logging a user's keystrokes. It also attempts to make a user's system part of the Zeus botnet.

The information presented within this blog comes from various organizations around the world. ITU encourages users to seek more detailed information from the original source through the links provided.
Links to third-party websites are provided for the convenience of all users. The ITU is not responsible for the accuracy, currency or the reliability of the content on these third-party websites. ITU does not offer any guarantee in that regard nor does ITU endorse the third-party organizations, their sites or content.